Half Of UK Businesses Have Fallen For Phishing Attacks

Almost half of all British organisations have fallen victim to phishing attacks in the last two years, with larger businesses the most likely to have been compromised, despite also being the most likely to conduct cyber security training for staff.

Research by security company Sophos has found that 45 percent of UK organisations were compromised by phishing attacks between 2016 and 2018, and that 54 percent had identified instances of employees replying to unsolicited emails or clicking the links in them.

Phishing emails are a common attack technique deployed in hacking campaigns, with hackers attempting to lure victims into downloading malware or entering sensitive credentials into a phony version of a website, such as a bank, a retailer, or a fake login page of the target organisation's own email system.

The attacks sound simple, but they're often deployed as the first step in campaigns by groups ranging from cyber-criminal gangs looking to make money, to nation-state-backed hacking groups looking to conduct espionage or cause disruption.
Even if there hasn't been any immediate or obvious damage, there's the potential for attackers to have gained persistent access to target networks, especially if the victim hasn't done anything to counter the attack.

"It's difficult to assess how successful attacks are being exploited. It could be anything from simple credential theft to a network compromise leading to a data breach and everything in between," John Shier, senior security expert at Sophos told ZDNet. 

There's also the potential that the attackers could gain further ground if there are instances of password re-use by the victim, which is why security professionals recommend that multi-factor authentication is applied across the enterprise.

"Regardless of the end goal, it's important to understand that once a cyber-criminal has your credentials, as far as the authentication systems know, they are you. This is why two-factor authentication is a must for all your accounts," said Shier.

While cyber criminals attack organisations of all sizes, the Sophos study, undertaken by Sapio Research, suggests that it's larger organisations that are more likely to fall victim to a phishing attack: 54 percent of organisations with between 500 and 1,000 employees have fallen victim to phishing in the past two years.

That figure drops to 39 percent for firms with 250 to 500 staff, and drops again to just 14 percent for businesses with under 250 people. While smaller firms are often said to be easier targets for hackers, it's likely that cyber criminals looking for a lucrative payday will be focusing their attentions on large organisations. However, with the threat that phishing poses, it's not something that any organisation of any size can afford to ignore, and senior executives should ensure their business has processes in place to attempt to prevent it from happening, as well as providing proper channels for employees to report suspected attacks.

"The reality is that 100 percent of organisations will be faced with fending off phishing attacks and unfortunately many attacks will succeed. Knowing that you've been compromised and reacting quickly is paramount," said Shier.

"Not only should organisations urge their users to report potential phishing attacks but also encourage a safe reporting environment for when users make a mistake," he added.

ZDNet:

For economic and accurate staff and management cyber security training that includes phishing security training please contact Cyber Security Intelligence.
